Allow disabling JavaScript in basic viewer (#3089)

And:
- Prevent JavaScript inside notes from executing in reports
- Update calls to openInViewer() to pass an options object
Abe Jellinek 2023-04-20 15:50:57 -04:00 committed by GitHub
parent 78a81f321a
commit c7d30ebde4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 69 additions and 42 deletions


@ -140,18 +140,20 @@ Zotero_Preferences.Cite = {
openStylesPage: function () { openStylesPage: function () {
Zotero.openInViewer("https://www.zotero.org/styles/", function (doc) { Zotero.openInViewer("https://www.zotero.org/styles/", {
// Hide header, intro paragraph, Link, and Source onLoad(doc) {
// // Hide header, intro paragraph, Link, and Source
// (The first two aren't sent to the client normally, but hide anyway in case they are.) //
var style = doc.createElement('style'); // (The first two aren't sent to the client normally, but hide anyway in case they are.)
style.type = 'text/css'; var style = doc.createElement('style');
style.innerHTML = 'h1, #intro, .style-individual-link, .style-view-source { display: none !important; }' style.type = 'text/css';
// TEMP: Default UA styles that aren't being included in Firefox 60 for some reason style.innerHTML = 'h1, #intro, .style-individual-link, .style-view-source { display: none !important; }'
+ 'html { background: #fff; }' // TEMP: Default UA styles that aren't being included in Firefox 60 for some reason
+ 'a { color: rgb(0, 0, 238) !important; text-decoration: underline; }' + 'html { background: #fff; }'
+ 'a:active { color: rgb(238, 0, 0) !important; }'; + 'a { color: rgb(0, 0, 238) !important; text-decoration: underline; }'
doc.getElementsByTagName('head')[0].appendChild(style); + 'a:active { color: rgb(238, 0, 0) !important; }';
doc.getElementsByTagName('head')[0].appendChild(style);
}
}); });
}, },
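Review bot: openStylesPage is the only call site visible in this commit that loads a remote https page, and it relies on the implicit default, so scripts from that page run in the viewer without the code saying so. If the styles page needs scripts, I would state that in the options object, `allowJavaScript: true, // remote page, scripts required`, and otherwise pass `allowJavaScript: false`. As a smaller style point, the injected rule text is a constant string, so `style.textContent = …` expresses the intent better than `style.innerHTML = …`.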


@ -61,10 +61,10 @@
<hbox> <hbox>
<button id="openCSLEdit" <button id="openCSLEdit"
label="&zotero.preferences.styleEditor;" label="&zotero.preferences.styleEditor;"
oncommand="Zotero.openInViewer('chrome://zotero/content/tools/csledit.xhtml', true)"/> oncommand="Zotero.openInViewer('chrome://zotero/content/tools/csledit.xhtml')"/>
<button id="openCSLPreview" <button id="openCSLPreview"
label="&zotero.preferences.stylePreview;" label="&zotero.preferences.stylePreview;"
oncommand="Zotero.openInViewer('chrome://zotero/content/tools/cslpreview.xhtml', true)"/> oncommand="Zotero.openInViewer('chrome://zotero/content/tools/cslpreview.xhtml')"/>
</hbox> </hbox>
</groupbox> </groupbox>
</vbox> </vbox>


@ -54,7 +54,7 @@ var Zotero_Report_Interface = new function() {
url += '/items' + queryString; url += '/items' + queryString;
Zotero.openInViewer(url); Zotero.openInViewer(url, { allowJavaScript: false });
} }
@ -71,6 +71,6 @@ var Zotero_Report_Interface = new function() {
var url = 'zotero://report/' + Zotero.API.getLibraryPrefix(libraryID) + '/items' var url = 'zotero://report/' + Zotero.API.getLibraryPrefix(libraryID) + '/items'
+ '?itemKey=' + items.map(item => item.key).join(','); + '?itemKey=' + items.map(item => item.key).join(',');
Zotero.openInViewer(url); Zotero.openInViewer(url, { allowJavaScript: false });
} }
} }
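Review bot: Neither call site says why scripts are turned off for reports, and the reason (note content is rendered into the report, per the commit message) is what a later editor needs to see before removing the option. A one-line comment above each `Zotero.openInViewer(url, { allowJavaScript: false })` call would do: `// Reports render note HTML; keep scripts disabled in the viewer`. Both enclosing functions start outside the hunks.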


@ -27,6 +27,8 @@
"resource://gre/modules/E10SUtils.jsm" "resource://gre/modules/E10SUtils.jsm"
);*/ );*/
const SANDBOXED_SCRIPTS = 0x80;
var browser; var browser;
window.addEventListener("load", /*async */function () { window.addEventListener("load", /*async */function () {
@ -51,9 +53,10 @@ window.addEventListener("load", /*async */function () {
);*/ );*/
//browser.docShellIsActive = false; //browser.docShellIsActive = false;
// Load URI passed in as nsISupports .data via openWindow() // Get URI and options passed in via openWindow()
window.viewerOriginalURI = window.arguments[0]; let { uri, options } = window.arguments[0].wrappedJSObject;
loadURI(window.arguments[0]); window.viewerOriginalURI = uri;
loadURI(uri, options);
}, false); }, false);
window.addEventListener("keypress", function (event) { window.addEventListener("keypress", function (event) {
@ -73,7 +76,15 @@ window.addEventListener("click", function (event) {
} }
}); });
function loadURI(uri) { function loadURI(uri, options = {}) {
// browser.browsingContext.allowJavascript (sic) would seem to do what we want here,
// but it has no effect. So we use sandboxFlags instead:
if (options.allowJavaScript !== false) {
browser.browsingContext.sandboxFlags &= ~SANDBOXED_SCRIPTS;
}
else {
browser.browsingContext.sandboxFlags |= SANDBOXED_SCRIPTS;
}
browser.loadURI( browser.loadURI(
uri, uri,
{ {
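Review bot: The check `options.allowJavaScript !== false` in loadURI fails open: anything other than the exact boolean `false` (a missing key, `0`, `null`) clears SANDBOXED_SCRIPTS and leaves scripts enabled. Because the report call sites depend on this flag, I would enable scripts only for the two intended values, `if (options.allowJavaScript === undefined || options.allowJavaScript === true) {`, so a malformed value ends up sandboxed. A misspelled key such as `allowJavascript` (the platform's own casing, per the comment) would still be read as "not set", so that case needs a check on the caller side. The `const SANDBOXED_SCRIPTS = 0x80;` line also deserves a comment saying where the value comes from, presumably the platform's sandbox flag definitions. loadURI's body continues outside the hunk.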


@ -850,21 +850,23 @@ ZoteroStandalone.DebugOutput = {
view: function () { view: function () {
Zotero.openInViewer("chrome://zotero/content/debugViewer.html", function (doc) { Zotero.openInViewer("chrome://zotero/content/debugViewer.html", {
var submitted = false; onLoad(doc) {
doc.querySelector('#submit-button').addEventListener('click', function (event) { var submitted = false;
submitted = true; doc.querySelector('#submit-button').addEventListener('click', function (event) {
}); submitted = true;
doc.querySelector('#clear-button').addEventListener('click', function (event) { });
Zotero.Debug.clear(); doc.querySelector('#clear-button').addEventListener('click', function (event) {
});
// If output has been submitted, disable logging when window is closed
doc.defaultView.addEventListener('unload', function (event) {
if (submitted) {
Zotero.Debug.setStore(false);
Zotero.Debug.clear(); Zotero.Debug.clear();
} });
}); // If output has been submitted, disable logging when window is closed
doc.defaultView.addEventListener('unload', function (event) {
if (submitted) {
Zotero.Debug.setStore(false);
Zotero.Debug.clear();
}
});
}
}); });
}, },


@ -1087,9 +1087,16 @@ Services.scriptloader.loadSubScript("resource://zotero/polyfill.js");
* Opens a URL in the basic viewer, and optionally run a callback on load * Opens a URL in the basic viewer, and optionally run a callback on load
* *
* @param {String} uri * @param {String} uri
* @param {Function} [onLoad] - Function to run once URI is loaded; passed the loaded document * @param {Object} [options]
* @param {Function} [options.onLoad] - Function to run once URI is loaded; passed the loaded document
* @param {Boolean} [options.allowJavaScript] - Set to false to disable JavaScript
*/ */
this.openInViewer = function (uri, onLoad) { this.openInViewer = function (uri, options) {
if (options && !options.onLoad && typeof options === 'function') {
Zotero.debug("Zotero.openInViewer() now takes an 'options' object for its second parameter -- update your code");
options = { onLoad: options };
}
var viewerWins = Services.wm.getEnumerator("zotero:basicViewer"); var viewerWins = Services.wm.getEnumerator("zotero:basicViewer");
for (let existingWin of viewerWins) { for (let existingWin of viewerWins) {
if (existingWin.viewerOriginalURI === uri) { if (existingWin.viewerOriginalURI === uri) {
@ -1099,12 +1106,17 @@ Services.scriptloader.loadSubScript("resource://zotero/polyfill.js");
} }
let ww = Components.classes['@mozilla.org/embedcomp/window-watcher;1'] let ww = Components.classes['@mozilla.org/embedcomp/window-watcher;1']
.getService(Components.interfaces.nsIWindowWatcher); .getService(Components.interfaces.nsIWindowWatcher);
let arg = Components.classes["@mozilla.org/supports-string;1"] let arg = {
.createInstance(Components.interfaces.nsISupportsString); uri,
arg.data = uri; options: {
...options,
onLoad: undefined
}
};
arg.wrappedJSObject = arg;
let win = ww.openWindow(null, "chrome://zotero/content/standalone/basicViewer.xhtml", let win = ww.openWindow(null, "chrome://zotero/content/standalone/basicViewer.xhtml",
null, "chrome,dialog=yes,resizable,centerscreen,menubar,scrollbars", arg); null, "chrome,dialog=yes,resizable,centerscreen,menubar,scrollbars", arg);
if (onLoad) { if (options?.onLoad) {
let browser; let browser;
let func = function () { let func = function () {
win.removeEventListener("load", func); win.removeEventListener("load", func);
@ -1117,7 +1129,7 @@ Services.scriptloader.loadSubScript("resource://zotero/polyfill.js");
}; };
let innerFunc = function () { let innerFunc = function () {
browser.removeEventListener("pageshow", innerFunc); browser.removeEventListener("pageshow", innerFunc);
onLoad(browser.contentDocument); options.onLoad(browser.contentDocument);
}; };
win.addEventListener("load", func); win.addEventListener("load", func);
} }
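Review bot: The new `@param {Boolean} [options.allowJavaScript]` line does not say that scripts stay enabled when the option is omitted, which is what a caller loading note-derived or remote content most needs to know. I would write it as `@param {Boolean} [options.allowJavaScript=true] - Pass false for any URI that renders user-supplied or remote HTML`. Separately, the reuse loop matches an existing viewer on `existingWin.viewerOriginalURI === uri` alone, and what it does on a match is outside the hunk. If it returns early, the `options` of the second call are never applied, so it is worth confirming that a window first opened with scripts enabled cannot be reused for a script-disabled request. openInViewer's body continues outside these hunks.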


@ -537,7 +537,7 @@
label="&installConnector.label;" label="&installConnector.label;"
oncommand="ZoteroStandalone.openHelp('connectors');"/> oncommand="ZoteroStandalone.openHelp('connectors');"/>
<menuitem id="menu_addons" label="&addons.label;" <menuitem id="menu_addons" label="&addons.label;"
oncommand="Zotero.openInViewer('chrome://mozapps/content/extensions/aboutaddons.html', ZoteroStandalone.updateAddonsPane)"/> oncommand="Zotero.openInViewer('chrome://mozapps/content/extensions/aboutaddons.html', { onLoad: ZoteroStandalone.updateAddonsPane })"/>
<menu id="developer-menu" <menu id="developer-menu"
label="&developer.label;"> label="&developer.label;">
<menupopup> <menupopup>